Setting Up HTTPS (manual setup) or HTTP
To enable HTTPS or HTTP for your custom domain:
Navigate to Settings > Help Center > Configure & Style
Under the "Domain" section, locate the "Security protocol" setting
Set the "Security protocol" to HTTPS (manual setup) or HTTP
Save your changes
Check you have set the correct CNAME
If you're using HTTPS (manual setup) or HTTP, check that the CNAME record set is set to:
If your workspace is hosted in the US - custom.intercom.help
If your workspace is hosted in Europe - custom.eu.intercom.help
If your workspace is hosted in Australia: custom.au.intercom.help
If you're using HTTPS (quick set up), check that the CNAME record is set to:
If your workspace is hosted in the US - us.intercomhelpcenter.com
If your workspace is hosted in Europe - eu.intercomhelpcenter.com
If your workspace is hosted in Australia: au.intercomhelpcenter.com
HTTPS (quick set up) might not be available for your workspace.
To check which region your workspace is hosted in, look at the URL bar of your browser when you're using Intercom.
If the URL beings with:
app.intercom.com, your workspace is hosted in the USapp.eu.intercom.com, your workspace is hosted in Europeapp.au.intercom.com, your workspace is hosted in Australia
Check that the CNAME changes have propagated
CNAME changes take some time to propagate. These might take up to 72 hours depending on your provider.
You can check if the CNAME change has propagated using a tool like MXToolbox.
Another useful tool for verifying DNS propagation is whatsmydns.net, which can help confirm that your DNS changes have propagated globally.
Make sure to use CNAME Lookup in MXToolbox
If you're using HTTPS (manual setup) - in this case, running a CNAME check would typically not return any data as there is no need for the DNS to be linked to an Intercom domain. The configuration is done within the service you set up to implement HTTPS.
Check your Cloudflare settings
If you're using Cloudflare, ensure that the cloud beside your CNAME record is orange and that you have set SSL in the "Crypto" section to either "Flexible" or "Full".
Don’t choose ‘Full (Strict)’ as this will result in an invalid SSL certificate.
Make sure your Help Center is set live
Head over to Settings > Help Center and make sure that your Help Center has been set Live.
Resolving SSL Errors in Your Intercom Help Center
When you encounter SSL errors like ERR_SSL_VERSION_OR_CIPHER_MISMATCH or SSL_ERROR_NO_CYPHER_OVERLAP in your Intercom Help Center, it indicates a problem with the secure connection between your browser and the server. This guide will help you understand and resolve these common issues.
Understanding ERR_SSL_VERSION_OR_CIPHER_MISMATCH
This error occurs when your browser is unable to establish a secure connection to the server due to problems with the SSL (Secure Sockets Layer) configuration.
Common Causes
Misconfigured DNS settings or propagation delays: DNS (Domain Name System) records might be incorrectly configured or haven't fully propagated across the internet.
Example: A CNAME (Canonical Name) record pointing to Intercom’s us.intercomhelpcenter.com might not have propagated yet.
Tip: Wait up to 24 hours for DNS changes to take effect. DNS propagation can take time depending on your domain provider and internet service provider.
Conflicting or duplicate SSL certificates: If you're using HTTPS with a custom domain (quick setup), Intercom provides the SSL certificate. Any conflicting or additional certificates configured within your domain provider will cause errors and should be removed.
Pro tip: Ensure that only the SSL certificate provided by Intercom is active for your custom domain to avoid conflicts.
Understanding SSL_ERROR_NO_CYPHER_OVERLAP
This issue arises during the SSL/TLS (Transport Layer Security) handshake when the server and client cannot agree on supported encryption protocols or cipher suites.
Resolving Cipher Overlap Issues
Ensure up-to-date encryption standards: Both your browser and the server must support modern encryption standards.
Note: Older browsers or operating systems might not support the latest encryption protocols, leading to this error.
Tip: Update your web browser to the latest version to ensure it supports current encryption standards.
Addressing SSL handshake errors for link branding
Intercom does not configure SSL for link branding on custom domains. You are responsible for setting up and managing SSL certificates within your domain provider for link branding.
Resolving Link Branding SSL Issues
Visit your domain provider's SSL settings: To resolve SSL handshake issues for link branding, you will need to configure the SSL certificate directly with your domain provider.
Note: This is separate from the SSL certificate Intercom provides for your Help Center's main domain.
Important: Consult your domain provider's documentation or support for specific instructions on how to set up and troubleshoot SSL certificates.
If your SSL certificate is managed via a 3rd party provider, make sure that it is still valid.
Make sure you have at least one article published
If you're seeing Not found when trying to visit your Help Center, make sure that you have at least one article published. If there are no articles published, your Help Center will be inactive return Not found .
Error 1014- CNAME Cross-User Banned
If you encounter an Error 1014 when visiting your custom Help Center domain, this is likely due to a Cloudflare Cross User CNAME issue. To resolve this error:
Cloudflare DNS Settings: Ensure that the CNAME record is set to DNS-only mode (gray cloud icon) in Cloudflare, not proxied. The proxied setting(orange cloud icon) can result in the 1014 error.
CNAME Record: Create a CNAME record and ensure that your custom domain points to custom.intercom.help or us.intercomhelpcenter.com (depending on your HTTPS setup method)
TXT Record: Add the TXT record from your Intercom settings for verification.
Allow up to 48 hours for DNS propagation. If issue persists, further investigation into server settings may be necessary.
"Access Denied" Error During HTTPS Setup
If you encounter an "Access Denied" error when setting up HTTPS:
Double-check your CNAME record points to the correct regional domain
If using Cloudflare, ensure SSL mode is set to "Flexible" or "Full" (not "Full (Strict)")
Restarting the SSL setup by toggling HTTPS configuration off, waiting a few minutes, and toggling it back on is a recommended troubleshooting step.
Using Amazon CloudFront?
Ensure you are following all steps in the guide.
Using Custom Reverse Proxy?
Ensure guides are followed.
Sample CNAME lookup for a reverse proxy setup: will not find anything but will know which DNS server you utilize.
Hitting a 502 error when hitting custom.domain/robots.txt?
If you are using nginx (or ingress nginx) check your logs for:
“upstream sent too big header while reading response header from upstream”
If you find that message in your logs, you need to bump, in the annotation of your ingress (default is 4k):
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
or http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size in a vanilla nginx configuration.
That will resolve the problem with the 502 error when hitting custom.domain/robots.txt
What if my HTTPS setup status remains “Pending” for an extended period ?
If your HTTPS setup status remains “Pending” for an extended period, follow these steps:
Double-check your DNS configuration for common issues:
• Ensure the CNAME record is correctly formatted and does not include extra domain parts (e.g., do not append your own domain to the Intercom host).
• Make sure you are using a CNAME record, not an A record.
• The CNAME should point to the correct Intercom regional domain (e.g., us.intercomhelpcenter.com for US workspaces).After making corrections, allow time for DNS propagation, which can take from 1 hour up to 72 hours depending on your provider.
Once DNS is correctly set up and propagated, return to your Help Center settings and try enabling HTTPS (quick setup) again.
If the status remains “Pending” after these steps and sufficient time has passed, re-verify your DNS settings for any errors.
How to ensure long-term security and stability?
Once the HTTPS quick setup is enabled and functioning, recurring issues are unlikely unless settings are modified or misconfigured. Intercom provides SSL certification as part of this setup to ensure reliability.
Will article and collection page links redirect to my custom domain automatically?
After setting up your custom domain, article links will automatically redirect, but collection page links might still load under the default Intercom domain if directly accessed. For businesses prioritizing SEO, ensure collections are properly updated to work with the custom domain.
Scenarios After Reactivation or Payment Suspension
If the issue emerges after reactivating your Help Center or resolving payment suspensions:
Check your custom domain settings within Intercom and ensure all fields are correctly updated.
Remove the custom domain during troubleshooting if necessary and revert to the default Intercom domain temporarily.
Still running into issues?
If everything above looks to be in order, and you're still running into issues, reach out to our Support team via the Messenger, and they'll be happy to investigate this further for you!
Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts